Please use this identifier to cite or link to this item:
|Publication type:||Article in scientific journal|
|Type of review:||Peer review (publication)|
|Title:||Exposed! : a case study on the vulnerability-proneness of Google Play Apps|
|Authors:||Di Sorbo, Andrea|
|Published in:||Empirical Software Engineering|
|Publisher / Ed. Institution:||Springer|
|Subject (DDC):||005: Computer programming, programs and data|
|Abstract:||Mobile applications are used for accomplishing everyday life activities, such as shopping, banking, and social communications. To leverage the features of mobile apps, users often need to share sensitive information. However, recent research demonstrated that most of such apps present critical security and privacy defects. In this context, we define as vulnerability-proneness the risk level(s) that users meet in downloading specific apps, to better understand whether (1) users select apps with lower risk levels and if (2) vulnerability-proneness of an app might affect its success. We use as proxy to measure such risk level the “number of different types of potential security issues exhibited by the app”. We conjecture that the vulnerability-proneness levels may vary based on (i) the types of data handled by the app, and (ii) the operations for which the app is supposed to be used. Hence, we investigate how the vulnerability-proneness of apps varies when observing (i) different app categories, and (ii) apps with different success levels. Finally, to increase the awareness of both users and developers on the vulnerability-proneness of apps, we evaluate the extent to which contextual information provided by the app market can be exploited to estimate the vulnerability-proneness levels of mobile apps. Results of our study show that apps in the Medical category exhibit the lowest levels of vulnerability-proneness. Besides, while no strong relations between vulnerability-proneness and average rating are observed, apps with a higher number of downloads tend to have higher vulnerability-proneness levels, but lower vulnerability-proneness density. Finally, we found that apps’ contextual information can be used to predict, in the early stages, the vulnerability-proneness levels of mobile apps.|
|Further description:||This is a post-peer-review, pre-copyedit version of an article published in Empirical Software Engineering. The final authenticated version is available online at: https://doi.org/10.1007/s10664-021-09978-0|
|Fulltext version:||Accepted version|
|License (according to publishing contract):||Licence according to publishing contract|
|Departement:||School of Engineering|
|Organisational Unit:||Institute of Applied Information Technology (InIT)|
|Published as part of the ZHAW project:||COSMOS – DevOps for Complex Cyber-physical Systems of Systems|
|Appears in collections:||Publikationen School of Engineering|
Files in This Item:
|2021_DiSorbo-Panichella_Exposed-a-case-study-on-the-vulnerability-proneness-of-Google-Play-Apps.pdf||Accepted Version||559.71 kB||Adobe PDF|
Show full item record
Di Sorbo, A., & Panichella, S. (2021). Exposed! : a case study on the vulnerability-proneness of Google Play Apps. Empirical Software Engineering, 26(4), 78. https://doi.org/10.1007/s10664-021-09978-0
Di Sorbo, A. and Panichella, S. (2021) ‘Exposed! : a case study on the vulnerability-proneness of Google Play Apps’, Empirical Software Engineering, 26(4), p. 78. Available at: https://doi.org/10.1007/s10664-021-09978-0.
A. Di Sorbo and S. Panichella, “Exposed! : a case study on the vulnerability-proneness of Google Play Apps,” Empirical Software Engineering, vol. 26, no. 4, p. 78, Jun. 2021, doi: 10.1007/s10664-021-09978-0.
Di Sorbo, Andrea, and Sebastiano Panichella. “Exposed! : A Case Study on the Vulnerability-Proneness of Google Play Apps.” Empirical Software Engineering, vol. 26, no. 4, June 2021, p. 78, https://doi.org/10.1007/s10664-021-09978-0.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.